author | Alin Năstac <mrness@gentoo.org> | 2008-10-12 10:33:19 +0000 |
---|---|---|
committer | Alin Năstac <mrness@gentoo.org> | 2008-10-12 10:33:19 +0000 |
commit | 320b6fa34b68433ed46bfefe9e19b4a8efa0e521 (patch) | |
tree | 79a8369ed8539223078ca47657606816901d5d01 /www-apps | |
parent | Respect LINGUAS, bug #183086. (diff) | |
Version bump. Fix insecure usage of temporary files (#240546).
Package-Manager: portage-2.1.4.4
Diffstat (limited to 'www-apps')
5 files changed, 286 insertions, 3 deletions
diff --git a/www-apps/freeradius-dialupadmin/ChangeLog b/www-apps/freeradius-dialupadmin/ChangeLog index d86336de5468..3464533c5bf0 100644 --- a/www-apps/freeradius-dialupadmin/ChangeLog +++ b/www-apps/freeradius-dialupadmin/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for www-apps/freeradius-dialupadmin -# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/freeradius-dialupadmin/ChangeLog,v 1.8 2007/04/14 08:58:32 mrness Exp $ +# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/www-apps/freeradius-dialupadmin/ChangeLog,v 1.9 2008/10/12 10:33:19 mrness Exp $ + +*freeradius-dialupadmin-1.80 (12 Oct 2008) + + 12 Oct 2008; Alin Năstac <mrness@gentoo.org> + +files/freeradius-dialupadmin-1.80-gentoo.patch, + +files/freeradius-dialupadmin-1.80-tmpfile.patch, + +freeradius-dialupadmin-1.80.ebuild: + Version bump. Fix insecure usage of temporary files (#240546). 14 Apr 2007; Alin Năstac <mrness@gentoo.org> files/setrootpath, freeradius-dialupadmin-1.70.3.ebuild: diff --git a/www-apps/freeradius-dialupadmin/Manifest b/www-apps/freeradius-dialupadmin/Manifest index 6e98f664205b..cd078ac9eb65 100644 --- a/www-apps/freeradius-dialupadmin/Manifest +++ b/www-apps/freeradius-dialupadmin/Manifest 
@@ -1,6 +1,20 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX freeradius-dialupadmin-1.70.3-sqldebug.patch 370 RMD160 1d9836e60039d19632e46b0541427d91542adea0 SHA1 cb8c44090bdac45123df60cd99aaff635bab7d0d SHA256 ee25d726bddaa4b29d8146a5d1574e0253a4dbb1786fcfaa4903e9bb8735f844 +AUX freeradius-dialupadmin-1.80-gentoo.patch 1242 RMD160 c0d9ed86fe7e1a8553b4e60462dd913edf9509a2 SHA1 d3b87065dce7c3513875e7e6a061de8bca19b573 SHA256 299372d123545ea77e72215fab1b51b657004392ecd48370ad6e46c587445f67 +AUX freeradius-dialupadmin-1.80-tmpfile.patch 8171 RMD160 3062090e2cf931386ac67cb94279609936f366db SHA1 530dcfdda1ef2740409475065b1987e0bd769b82 SHA256 268dc9012720a35741cbf7c59874274a3ebb9f48a0d53c7759ed14d174a75bb2 AUX setrootpath 200 RMD160 4637664e9a8a2dfede9fe8c7ca25c8d0ee46e748 SHA1 ba117f672450f3d5cfac2969c102da80b84ba48d SHA256 4088512950a512a6c1b02e0355e00750dca37136ec32611a0099d00fdbdd54de DIST freeradius-1.1.6.tar.gz 3175652 RMD160 ed82342938d3845c4e6938b5c4f3117e2397367b SHA1 a40ff6412824daf221bd6e717db253cf32562735 SHA256 d503bac14ca37eab4798f6ab3dbdfb744aa846f7dc76ded45966d127948e71f8 +DIST freeradius-server-2.1.1.tar.gz 3648766 RMD160 34993de091b759a7d0bf9929f72180bf56d818ec SHA1 9c36457f1b9364e413d066f804e850fa2166e3b9 SHA256 48139053bd4498e6ef0535178059286fafd5ad6642b0348936060fd373194147 EBUILD freeradius-dialupadmin-1.70.3.ebuild 2040 RMD160 adadf9dc4ac6f2d278303a18107075b25a53c5ae SHA1 94162227326fdb29f7d0aca1ef60c2ee2742633f SHA256 3292af94c9b7d6e267f30b74d5729886ba60ab19c03150ded8d8c6d9f03cc3ef -MISC ChangeLog 1921 RMD160 0f2dcb93d2cda5d219d1b6f0dbf9f6f1a4ff04ac SHA1 c0c33cb9f3e58c91ef63b6494f99cc13ac861ea3 SHA256 4d8a7a524508181e3ff58e347dcf8c2a73fde3b659f8ffd3b22d615a33ed1f91 +EBUILD freeradius-dialupadmin-1.80.ebuild 2091 RMD160 3a6fc4a520c51c1778afcff90716250dfabbf8e6 SHA1 2ba96f470af3b81d0c0dda0cb77dbb25a0e6c258 SHA256 2ef94764833bc0913184d253d2f3f8e35841e35f3c915f6aae24bce623b63fcd +MISC ChangeLog 2221 RMD160 
45bc919b8dddc1ff35e017db6a98fff913c4562a SHA1 c87596ad086a30172745383a1fdceebbd4f53298 SHA256 57a57e3ac5ff8a1706bf524521ad1549da8b9a19e6440426882d83cbdf11b42a MISC metadata.xml 525 RMD160 080584311e2131f337726be131b4f9bfdaf4bc97 SHA1 fa1cfa933f6d17a21b0cb6e17e8e8ee5134e38dc SHA256 9d463524b4e9f87124fc33e6fdea17152c8c5b054f9f1562212822d0839fd8ef +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.9 (GNU/Linux) + +iEYEARECAAYFAkjx0nsACgkQPrHvTlXvhtst3wCgoQXQuQmtvHPtokoBmt6Z9e51 +DwQAnRUUHsWjz+7wdYO3liYWNqP8uhQ3 +=BHC8 +-----END PGP SIGNATURE----- diff --git a/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch new file mode 100644 index 000000000000..31f8490c5103 --- /dev/null +++ b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch 
@@ -0,0 +1,32 @@
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/Makefile freeradius-server-2.1.1/dialup_admin/Makefile
+--- freeradius-server-2.1.1.orig/dialup_admin/Makefile 2008-10-12 10:13:16.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/Makefile 2008-10-12 10:16:16.000000000 +0000
+@@ -4,7 +4,6 @@
+ # Version: $Id: freeradius-dialupadmin-1.80-gentoo.patch,v 1.1 2008/10/12 10:33:19 mrness Exp $
+ #
+
+-include ../Make.inc
+
+ DIALUP_PREFIX := /usr/local/dialup_admin
+ DIALUP_DOCDIR := $(DIALUP_PREFIX)/doc
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/conf/admin.conf freeradius-server-2.1.1/dialup_admin/conf/admin.conf
+--- freeradius-server-2.1.1.orig/dialup_admin/conf/admin.conf 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/conf/admin.conf 2008-10-12 09:14:12.000000000 +0000
+@@ -204,7 +204,7 @@
+ #
+ # Uncomment to enable ldap debug
+ #
+-ldap_debug: true
++#ldap_debug: true
+ #
+ # Allow for defining the ldap filter used when searching for a user
+ # Variables supported:
+@@ -274,7 +274,7 @@
+ #
+ # Uncomment to enable sql debug
+ #
+-sql_debug: true
++#sql_debug: true
+ #
+ # If set to yes then the HTTP credentials (http authentication)
+ # will be used to connect to the sql server instead of sql_username
diff --git a/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch
new file mode 100644
index 000000000000..1da5671761ff
--- /dev/null
+++ b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch
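Review bot: The first context line of the Makefile hunk reads `# Version: $Id: freeradius-dialupadmin-1.80-gentoo.patch,v 1.1 … Exp $`, which is this patch file's own CVS id rather than a line the upstream Makefile can contain, so keyword expansion has presumably rewritten the patch on commit and that context line will no longer match. patch(1) can still apply the hunk with fuzz, but a patch shipped alongside a security fix should not depend on fuzzy matching. Regenerating the hunk so the `$Id$` line falls outside the context, or committing the file with keyword substitution disabled (`cvs admin -ko`), would keep it exact. A short header comment in the patch saying why `include ../Make.inc` is dropped and why `ldap_debug` and `sql_debug` are commented out would also help the next maintainer.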
@@ -0,0 +1,148 @@
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/clean_radacct freeradius-server-2.1.1/dialup_admin/bin/clean_radacct
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/clean_radacct 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/clean_radacct 2008-10-12 09:29:50.000000000 +0000
+@@ -5,6 +5,7 @@
+ # Works with mysql and postgresql
+ #
+ use POSIX;
++use File::Temp;
+
+ $conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
+ $back_days = 35;
+@@ -42,11 +43,10 @@
+
+ $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';";
+ print "$query\n";
+-open TMP, ">/tmp/clean_radacct.query"
+- or die "Could not open tmp file\n";
+-print TMP $query;
+-close TMP;
+-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh $query;
++close $fh;
++$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/log_badlogins freeradius-server-2.1.1/dialup_admin/bin/log_badlogins
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/log_badlogins 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/log_badlogins 2008-10-12 10:09:58.000000000 +0000
+@@ -14,6 +14,7 @@
+
+ use Date::Manip qw(ParseDate UnixDate);
+ use Digest::MD5;
++use File::Temp;
+ $|=1;
+
+ $file=shift||'none';
+@@ -29,7 +30,8 @@
+ # CHANGE THESE TO MATCH YOUR SETUP
+ #
+ #$regexp = 'from client localhost port 135|from client blabla ';
+-$tmpfile='/var/tmp/sql.input';
++$tmpdir=tempdir( CLEANUP => 1 );
++$tmpfile="$tmpdir/sql.input";
+ #
+ $verbose = 0;
+ #
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/monthly_tot_stats freeradius-server-2.1.1/dialup_admin/bin/monthly_tot_stats
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/monthly_tot_stats 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/monthly_tot_stats 2008-10-12 09:29:50.000000000 +0000
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl
+ use POSIX;
++use File::Temp;
+
+ # Log in the mtotacct table aggregated accounting information for
+ # each user spaning in one month period.
+@@ -51,14 +52,13 @@
+ AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;";
+ print "$query1\n";
+ print "$query2\n";
+-open TMP, ">/tmp/tot_stats.query"
+- or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query1;
+-print TMP $query2;
+-close TMP;
+-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query1;
++print $fh $query2;
++close $fh;
++$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/tot_stats freeradius-server-2.1.1/dialup_admin/bin/tot_stats
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/tot_stats 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/tot_stats 2008-10-12 09:29:50.000000000 +0000
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl
+ use POSIX;
++use File::Temp;
+
+ # Log in the totacct table aggregated daily accounting information for
+ # each user.
+@@ -48,14 +49,13 @@
+ AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;";
+ print "$query1\n";
+ print "$query2\n";
+-open TMP, ">/tmp/tot_stats.query"
+- or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query1;
+-print TMP $query2;
+-close TMP;
+-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query1;
++print $fh $query2;
++close $fh;
++$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/truncate_radacct freeradius-server-2.1.1/dialup_admin/bin/truncate_radacct
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/truncate_radacct 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/truncate_radacct 2008-10-12 09:29:50.000000000 +0000
+@@ -5,6 +5,7 @@
+ # Works with mysql and postgresql
+ #
+ use POSIX;
++use File::Temp;
+
+ $conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
+ $back_days = 90;
+@@ -44,13 +45,12 @@
+ $query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;";
+ $query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql');
+ print "$query\n";
+-open TMP, ">/tmp/truncate_radacct.query"
+- or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query;
+-close TMP;
+-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query;
++close $fh;
++$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
diff --git a/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild b/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild
new file mode 100644
index 000000000000..d8ee2c104b27
--- /dev/null
+++ b/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild
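Review bot: The files created by `tempfile()` in clean_radacct, monthly_tot_stats, tot_stats and truncate_radacct are never removed: called in list context without `UNLINK => 1`, File::Temp leaves the file in place, so every run leaves another copy of the query in the temporary directory. `my ($fh, $tmp_filename) = tempfile(UNLINK => 1);` would remove it at exit, and the trailing `or die` can go because tempfile() croaks on failure rather than returning. Separately, the oracle branch kept as context in monthly_tot_stats, tot_stats and truncate_radacct still redirects from `$tmpfile.$server`, while the `ALTER SESSION` line is now written to `$tmp_filename`. Unless those variables are set outside the hunks shown, that branch reads a file this code never writes and should use `< $tmp_filename` as well.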
@@ -0,0 +1,81 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild,v 1.1 2008/10/12 10:33:19 mrness Exp $
+
+inherit eutils webapp
+MY_FREERADIUS_PV="2.1.1"
+
+DESCRIPTION="Web administration interface of freeradius server"
+SRC_URI="ftp://ftp.freeradius.org/pub/radius/freeradius-server-${MY_FREERADIUS_PV}.tar.gz"
+HOMEPAGE="http://www.freeradius.org/dialupadmin.html"
+
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+LICENSE="GPL-2"
+
+DEPEND="sys-apps/findutils
+ sys-apps/sed"
+RDEPEND="virtual/php
+ dev-perl/DateManip
+ >=net-dialup/freeradius-${MY_FREERADIUS_PV}"
+
+S="${WORKDIR}/freeradius-server-${MY_FREERADIUS_PV}/dialup_admin"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+ epatch "${FILESDIR}/${P}-gentoo.patch"
+ epatch "${FILESDIR}/${P}-tmpfile.patch"
+
+ sed -i -e 's:/usr/local:/usr:' \
+ -e 's:/usr/etc/raddb:${general_raddb_dir}:' \
+ -e 's:/usr/radiusd::' \
+ conf/admin.conf
+ sed -i -e 's:/usr/local:/usr:' bin/*
+
+ #rename files .php3 -> .php
+ (find . -iname '*.php3' | (
+ local PHPFILE
+ while read PHPFILE; do
+ mv "${PHPFILE}" "${PHPFILE/.php3/.php}"
+ done
+ )) && \
+ (find . -type f | xargs sed -i -e 's:[.]php3:.php:g') || \
+ die "failed to replace php3 with php"
+
+ # fix dangling ../ to deal with the way webapp-config installs files
+ find . -name '*.php' | xargs sed -i \
+ -e 's:../conf/:../../conf/:' \
+ -e 's:../html/:../../html/:' \
+ -e 's:../lib/:../../lib/:'
+}
+
+src_install() {
+ webapp_src_preinst
+
+ insinto "${MY_HTDOCSDIR}"
+ doins -r htdocs/*
+ insinto "${MY_HOSTROOTDIR}"
+ doins -r conf html lib
+ exeinto "${MY_HOSTROOTDIR}/bin"
+ dodoc bin/*.cron bin/Changelog*
+ rm bin/*.cron bin/Changelog*
+ doexe bin/*
+
+ insinto "${MY_SQLSCRIPTSDIR}"
+ doins -r sql/*
+
+ dodoc Changelog README doc/*
+
+ webapp_hook_script "${FILESDIR}/setrootpath"
+
+ cd "${D}/${MY_HOSTROOTDIR}"
+ local CONFFILE
+ for CONFFILE in conf/* ; do
+ webapp_configfile "${MY_HOSTROOTDIR}/${CONFFILE}"
+ webapp_serverowned "${MY_HOSTROOTDIR}/${CONFFILE}"
+ done
+
+ webapp_src_install
+} |
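Review bot: The loop at the end of src_install calls `webapp_serverowned` on every file under conf/, which gives the web server account ownership of admin.conf and the other configuration files, so the PHP process that reads the SQL connection settings can also rewrite them. Whether dialup_admin needs to write its configuration at run time is not visible in this commit; if it does not, dropping the `webapp_serverowned` line and keeping only `webapp_configfile` would leave those files read-only to the server. In src_unpack, the final `find . -name '*.php' | xargs sed -i` and the two plain `sed -i` calls have no `|| die`, unlike the php3 rename above them, so a failed path rewrite would go unnoticed.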